Malware Analysis Report

2024-12-01 22:18

Sample ID 230222-ybf18afa5v
Target 123.apk
SHA256 a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612
Tags: gigabud
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612

Threat Level: Known bad

The file 123.apk was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

Loads dropped Dex/Jar

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-02-22 19:36

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-02-22 19:36
Reported: 2023-02-22 19:37
Platform: android-x64-20220823-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2023-02-22 19:36
Reported: 2023-02-22 19:37
Platform: android-x64-arm64-20220823-en
Max time kernel: 2057377s
Max time network: 15s

Command Line

ru.yandex.taxi

Signatures

N/A

Processes

ru.yandex.taxi

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
NL | 142.250.179.142:443 | | tcp
NL | 142.250.179.142:443 | | tcp
NL | 142.250.179.142:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.250.179.206:443 | android.apis.google.com | tcp

Files

/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile

MD5 ec7fc15f2c6eed84be76d85d708aae58
SHA1 a838f78c48ab85cdab7c1b746016f3f2ffa6f6b7
SHA256 789e19e63f6f04913d65b699c1c99de71930586da7ed9965adae42922e7e99f7
SHA512 f94d750052a583f3764f1c7aa75f05f039d8f02d57306c1407f8ed7a461d9962121537577e564d35a217d29df3f5211087e1c8b27c36baf5e18c00f8149a543f

/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum

MD5 f04aa85432b86be2e41d0e627c3bcdbd
SHA1 22cb79ab180fac72e1cef1882dfd97664eca5c63
SHA256 08fa91bdae6b5f9ea4fc51960854ce2e90bfbfbe9e57b179f7eea7f8a4a57082
SHA512 0c43f0043525fcf7ebef9732085e4e11e49778efd3365ffc83151aee168e9b4fb4aaf45b2edda47a69403583f0f66dc364c25cac9046153ffd86009ca68891e1

/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml

MD5 29362c1f408b1d95208a82436969d8ee
SHA1 26248c79fb70c216d59ae505190f3bc148779fcf
SHA256 cdf86f6046967003b533ce727bbeb6f1cc60a12887ee9dbe963704cfe88d8bc5
SHA512 29dc982c8ba1326c1b36ee3d6b08eb190253f598ef2b667d3db151ea051944909e2b61892f3ba380d91373d14b6cc439edf75be4caa1cb18b1caa327deeaf86f

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 ff4cf87396bf3045b739983b95fb10d3
SHA1 c628e32963235efdaa5ece4e119fc780577cf1ca
SHA256 49bdb50810b2f74b9717bc959ebb7357250d9dd1d26b32977a940216fc8355c7
SHA512 123aafb84b3c68ee39067e909eb9553f4a396b82ecebc08413c14b5345cf3347d00698f77281104da7242760646b9c181b65c66101e9ce9a6a96feef39bbf769

Analysis: behavioral3

Detonation Overview

Submitted: 2023-02-22 19:36
Reported: 2023-02-22 19:37
Platform: android-x86-arm-20220823-en
Max time kernel: 2053779s
Max time network: 15s

Command Line

ru.yandex.taxi

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Processes

ru.yandex.taxi

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
NL | 216.58.214.10:443 | infinitedata-pa.googleapis.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.250.179.206:443 | android.apis.google.com | tcp

Files

/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum

MD5 b1ff5b65c2ed71e8c092cb8f282117ab
SHA1 f71073ebd55f521013cdfeac99c18d280e972d4e
SHA256 e91fc6cb69ac9ed9c89e0c29cd1924e1f4597f034cc6832950b864397d231dad
SHA512 a365db4900fcb324bf47876a5734e610b78471b6c882fca3bf6c6529ff6238930d63af9ed89944dc6be3cffec9dcf6d89c9accabc8a25b9d628d4db273cdfc2b

memory/4082-0.dex

MD5 d1ca59756ca7d3ac22f5d7332bbd8996
SHA1 9ce4c48f09cca8cb576ba253d3580d8cb2c84786
SHA256 af4f21fbd7c6dd88fb066feec305e8f79e9f9fbb803c6074be222ea7ff649cac
SHA512 da8fb3c6ae40a6d813e87ce6ccfb5520b7dc9b00a6b5bebc58c2988ccd6d3a78fa14de91cecaeedc4e81621de8e336689fce3757b07718830d846e547ca9b8a4

/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile

MD5 64f4ce03e27ceedcff80e106a1e7d0e4
SHA1 307674941f03e1f379319f81ed33b110ae085c17
SHA256 ea999b3835ec8d6d296a581a8da5755c0a676e352d0f1b913729d2b162ab9a48
SHA512 19765ef137948dc158884f2aaf9500d88a9555561eb24ec01c9d1ea6a53510121cdd20af54ac931c2db1a1d791204970fbd0b0ac715417e17a8976321e6e5ab1

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml

MD5 90aab5a7dff3de3a8753a8847e404da8
SHA1 4e54da769d919c014ee8fb1b1b8689400081ce5b
SHA256 4ab17b00adcf67218267011c4c69bad63812329928bc2e46c6117d197bd73524
SHA512 9684e5a66f04a4237345d3c910111ef21fa874680a2a91fa9f163b3b68acbf5978d9563bc0b6a5d31c8c8d1fc562928ae57cb499469607ac1866e00aa2bece63